AbstractAs a lock enthusiast and professional pentester, I think a lot about ways to quickly or reliably gain access to restricted areas without relying on my picks. This talk will cover several ways to perform escalation of privilege in the physical world.

If you missed the first Humble Bundle, my book is now available in No Starch Press’ “Hacking 2.0” bundle: https://www.humblebundle.com/books/hacking-no-starch-press-books. Pay $8 or more and get my eBook, along with several other great tiles, and you’ll also support great charities like the EFF. Just be quick – the bundle is only available for 12 more days.

Ed & his team at CounterHack/SANS announced the winners of the 2018 SANS Holiday Hack Challenge this week. While I didn’t win, my report did get an honorable mention! Not bad for my first year playing. If you’d like to see my entry, you can download it here.

Late last year I decided to spend some time during the holidays to work on the SANS Holiday Hack Challenge. I’ve looked at a few of their challenges in the past, but never during the actual competition period, and never going through an entire year’s challenge. I’m very happy I did. Ed & team put together an awesome narrative, full of a variety of infosec-related puzzles, covering everything from web pentesting to forensics. Now that the competition is over, I thought I’d share a copy of my solution, in case anyone wants to compare; I’m sure everyone’s process was a bit different, and it is great to have several ideas of how to solve a problem.

My write-up is themed as a pentest report, since that’s the format I am most comfortable with. I hope you enjoy it. You can download it here.

I had a lot of fun meeting many folks, catching up with old friends, and hearing some great talks at ShmooCon. I was fortunate to not only get to do a book signing at the No Starch Press booth, but also take home the second place trophy from the TOOOL DC Locksport Village! Thanks to everyone who came to the signing, or who stopped me just to say hello. I hope to see you all again soon.

Exciting news! My book, Pentesting Azure Applications, is in the No Starch Hacking for the Holidays Humble Bundle! For the next two weeks, a donation of $15 or more will support the EFF and get you a collection of No Starch’s security titles. Check it out!

Are you excited to vote on Tuesday? To sweeten the deal, I’ll be giving away a signed copy of my book, Pentesting Azure Applications, to someone who votes! Just send me a photo showing you voted (selfie in line, “I voted” sticker, WA ballot stub, etc.) by Wednesday, 5 PM PST. I’ll randomly pick a winner. You can send it to me on Twitter @mattburrough or by email matt {at} (my last name) .org.

I will be speaking next week at the 2018 Seattle Cloud Security Alliance Conference “Securing the Digital Horizon @ Cloud City”. My talk is Best Practices for Securing Cloud Deployments, where I will be discussing some key threat vectors against cloud deployments, and the various ways you can mitigate the risks.

The conference is in Bellevue on September 21st. More information and registration is available at csaseattlechapter.org.

I just got notification that my book, Pentesting Azure Applications, is scheduled for delivery! Order now and be one of the first to get a copy! I hope everyone finds it informative, entertaining, and well written.

I recently built a timed lock picking competition, based on a similar design created by @dossman33. It consists of four deadbolts (plus two spares), all pinned identically, that, when opened, trigger a switch wired to a Raspberry Pi. The Pi has a UI written in Python that shows the current elapsed time, plus the time that each station opened. I’ve shared the code at https://github.com/mburrough/locktimer.